The SecOps team will use some third-party tools, and when they run them they will get the risk level of CVEs in 3 types.
Depending on the CVSS score level of the software, they will be divided into the categories below. As per the link below, for Oracle E-Business Suite:
https://www.inoapps.com/insights/news/oracle-has-released-their-third-cpu-of-2020-heres-your-guide-to-the-latest-updates
A maximum reported CVSS Base Score of 9.1 indicates a critical vulnerability; anything below that is non-critical.
Critical
High
Medium
Low
Provide the CVE code as provided below.
We need to validate each CVE with the Oracle note ID/readme of the PSU below.
We also get the list from the link below:
https://www.rapid7.com/db/vulnerabilities/oracle-weblogic-cve-2020-5398
Also, when you validate, you need to check the BASE SCORE.
Validated CVE with PSU note ID:
CVE-2017-5645   JAN-2018
CVE-2018-11058  JUL-2019
CVE-2020-2966   JUL-2020
CVE-2020-2967   JUL-2020
CVE-2020-5398   JUL-2020
CVE-2020-5398   JUL-2020
CVE-2020-9546   JUL-2020
CVE-2020-9546   JUL-2020
CVE-2020-14557  JUL-2020  Supported version after 12.1
CVE-2020-14572  JUL-2020
CVE-2020-14588  JUL-2020
CVE-2020-14589  JUL-2020
CVE-2020-14622  JUL-2020
CVE-2020-14625  JUL-2020
CVE-2020-14644  JUL-2020
CVE-2020-14645  JUL-2020
CVE-2020-14652  JUL-2020
CVE-2020-14687  JUL-2020
EBS: CPU NOTEID
https://updates.oracle.com/Orion/Services/download?type=readme&aru=23587565
Notes: https://www.oracle.com/security-alerts/cpujul2020.html
1. Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.
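
The validation steps above (take the scanner's CVE list, check each CVE against the CPU/PSU readme, then check the base score) can be scripted. This is an added example, not code from the original post or from Oracle: README_TEXT is a constructed stand-in for the downloaded readme, the function names are hypothetical, and the severity bands are the standard CVSS v3.x ratings.

```python
import re

# A few rows in the shape of the page's list: mixed separators, a trailing note, a repeat.
SCANNER_ROWS = """\
CVE-2017-5645 JAN-2018
CVE-2020-5398 JUL-2020
CVE-2020-5398 JUL-2020
CVE-2020-14557 JUL-2020 Supported version after 12.1
CVE-2020-14572,JUL-2020
"""

# Constructed stand-in for the downloaded CPU/PSU readme text (not Oracle's real text).
README_TEXT = """\
This patch addresses CVE-2020-5398 and cve-2020-14572.
See also CVE-2020-145570 (constructed near-miss id, used to show exact matching).
"""

ROW_RE = re.compile(r"^(CVE-\d{4}-\d{4,})[\s,]+([A-Z]{3}-\d{4})\s*(.*)$", re.I)
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I)

def parse_rows(text):
    """Return {cve: (cpu_month, note)} with repeated rows collapsed."""
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.setdefault(m.group(1).upper(), (m.group(2).upper(), m.group(3).strip()))
    return rows

def validate(rows, readme):
    """Split CVEs into those the readme names exactly and those it does not."""
    named = {c.upper() for c in CVE_RE.findall(readme)}
    covered = sorted(c for c in rows if c in named)
    missing = sorted(c for c in rows if c not in named)
    return covered, missing

def severity(base_score):
    """CVSS v3.x qualitative rating for a base score."""
    if not 0.0 <= base_score <= 10.0:
        raise ValueError("CVSS base score must be in 0.0-10.0")
    for floor, label in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if base_score >= floor:
            return label
    return "None"

if __name__ == "__main__":
    covered, missing = validate(parse_rows(SCANNER_ROWS), README_TEXT)
    print("named in readme:", covered)
    print("not named, check manually:", missing)
    print("9.1 ->", severity(9.1))
```

CVE IDs are matched as whole tokens, so CVE-2020-14557 is not counted as covered just because the longer constructed ID contains it as a prefix.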